CN108183868A - Dynamic network device processing using external components - Google Patents

Info

Publication number
CN108183868A
Authority
CN
China
Prior art keywords
network device
virtual machine
data stream
service
services
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810135086.7A
Other languages
Chinese (zh)
Other versions
CN108183868B (en
Inventor
B·里杰斯曼
U·夏尔马
P·加尼森
S·拉马穆尔蒂
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peribit Networks Inc
Original Assignee
Peribit Networks Inc
Application filed by Peribit Networks Inc
Publication of CN108183868A
Application granted
Publication of CN108183868B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2408 Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Embodiments of the present disclosure relate to dynamic network device processing using external components. A network device may receive information about a service set that identifies a service to apply to a data stream received via a particular interface of the network device; receive the data stream via the particular interface; identify, based on the information about the service set, the service to provide to the data stream; identify a processing device to process the data stream; and provide the data stream to the processing device. The processing device may be different from the network device and may process the data stream on behalf of the network device to form a processed data stream. The processed data stream may include the data stream with the service applied to it. The network device may further receive the processed data stream from the processing device and send the processed data stream toward a destination device.

Description

Dynamic network device processing using external components

Cross-reference to related applications

This application is a divisional of the invention patent application No. 201310751351.1, filed December 31, 2013, with a priority date of December 31, 2012, entitled "Dynamic network device processing using external components".

Technical field

The present invention relates to network devices, and more particularly to network devices, methods and systems for dynamic network device processing using external components.

Background

Network devices, such as routers, are sometimes used to process and route data streams between user devices and server devices, and to provide services to those data streams. Network devices sometimes include wide area network (WAN) interface cards (WICs). A WIC may include processing instructions, routing tables, or some other information that instructs the network device how to process data streams. Modifying the functionality and/or operation of a network device (e.g., modifying processing instructions) may require replacement of the WAN card and/or specialized software development.

Summary

According to one example implementation, a method may include receiving, by a network device, information about a service set. The service set may identify a service to apply to a data stream received via a particular interface of the network device. The method may further include receiving, by the network device, the data stream via the particular interface; identifying, by the network device and based on the information about the service set, the service to apply to the data stream; and identifying, by the network device, a processing device to process the data stream. The processing device may be different from the network device. The method may further include providing, by the network device, the data stream to the processing device. The processing device may process the data stream on behalf of the network device to form a processed data stream. The processed data stream may include the data stream with the service applied to it. The method may further include receiving, by the network device, the processed data stream from the processing device, and sending, by the network device, the processed data stream toward a destination device.

According to another example implementation, a network device may receive information about a service set. The service set may include an identifier that identifies a service to apply to a data stream received via a particular interface of the network device. The network device may further receive the data stream via the particular interface, identify the service to apply to the received data stream based on the information about the service set, add metadata, which may include the identifier, to the data stream, and identify a processing device to process the data stream. The processing device may be different from the network device. The network device may further provide the data stream to the processing device. The processing device may identify the service based on the identifier included in the metadata and process the data stream on behalf of the network device to form a processed data stream. The processed data stream may include the data stream with the service applied to it. The network device may further receive the processed data stream from the processing device and send the processed data stream toward a destination device.

According to another example implementation, a computer-readable medium for storing instructions may include a plurality of instructions that, when executed by one or more processors associated with a network device, cause the one or more processors to receive information about a service set that identifies a service to apply to a data stream received via a particular interface of the network device, receive the data stream via the particular interface, identify the service to provide to the data stream based on the information about the service set, and identify a virtual machine, of a plurality of virtual machines, to process the data stream. The virtual machine may be different from the network device. The plurality of instructions may further cause the one or more processors to provide the data stream to the virtual machine. The virtual machine may identify the service based on a service set identifier and may process the data stream on behalf of the network device to form a processed data stream. The processed data stream may include the data stream with the service applied to it. The plurality of instructions may further cause the one or more processors to receive the processed data stream from the virtual machine and provide the processed data stream to a destination device.

Brief description of the drawings

FIG. 1 illustrates an example overview of an implementation described herein;

FIG. 2 illustrates an example environment in which systems and/or methods described herein may be implemented;

FIG. 3A illustrates example components of a network device;

FIG. 3B illustrates example components of a device that may be used within the environment of FIG. 2;

FIG. 4 illustrates an example data structure that may be stored by one or more devices in the environment of FIG. 2;

FIG. 5 illustrates a flowchart of an example process for processing a data stream using a virtual machine; and

FIGS. 6A-6B and 7-8 illustrate example implementations as described herein.

Detailed description

The following detailed description refers to the accompanying drawings. The same reference numbers in different drawings may identify the same or similar elements.

The systems and/or methods described herein may allow processes, applications, and/or services of a network device (e.g., a router, switch, gateway, or some other network device) to take place outside of the network device. For example, a virtual machine may execute an application that modifies the control plane of the network device (e.g., modifies the routing table of the network device, installs firewall filters on the network device, etc.). Additionally, or alternatively, a virtual machine may process a data stream on behalf of the network device to allow the network device to provide a service to the data stream (e.g., a firewall service, a network address translation (NAT) service, a wide area network (WAN) optimization service, a hypertext transfer protocol (HTTP) header rewriting service, a compression service, a load balancing service, or some other type of service). In some implementations, a client device may provide a service set or an application to the virtual machine and the network device to instruct the virtual machine to modify the control plane of the network device. In some implementations, the service set may instruct the network device to provide a particular service to a particular data stream and to direct the particular data stream to a particular virtual machine so that the particular data stream receives the service. In some implementations, the service set may instruct the virtual machine to apply a particular service to a particular data stream. As a result, the functionality and/or operation of the network device can be modified without modifying the network device itself.

FIG. 1 illustrates an example implementation described herein. As shown in FIG. 1, a network device may receive a first data stream (e.g., data stream 1) from a first user device (e.g., UD-1) via a first interface of the network device. To receive processing support that allows the network device to provide a service to the first data stream, the network device may identify a particular virtual machine (e.g., VM-1) with which to communicate (e.g., based on the interface). As further shown in FIG. 1, the network device may route the data stream to the virtual machine. The virtual machine may process the data stream on behalf of the network device to form a processed data stream (e.g., the data stream with a service applied to it). In some implementations, the network device may provide the processed data stream to a destination device. In some implementations, to provide services to multiple data streams (e.g., data stream 1 through data stream M), the network device may receive multiple data streams (e.g., data streams 1 through M, where M ≥ 2) and communicate with multiple virtual machines (e.g., VM-1 through VM-N, where N ≥ 2).

In some implementations, the network device may identify the service to provide to a data stream (and the virtual machine with which to communicate in order to process the data stream and provide the service) based on information associated with a service set. The service set may include information identifying an interface of the network device, the service to provide to data streams received via that interface, and the virtual machine with which to communicate in order to process the data streams and provide the service to them.

As described above, a virtual machine may execute an application to modify the control plane of the network device. For example, the virtual machine may modify the control plane of the network device to instruct the network device to route particular data streams in a particular manner (e.g., route some data streams to a particular virtual machine for processing, block some other data streams, etc.).

Because virtual machines may be used to process data streams on behalf of the network device, or to modify the control plane of the network device, the network device may be able to provide any number of services to any number of data streams by communicating with virtual machines over a common facility. Further, the virtual machines may be stored by servers located in various geographic locations.

Although the systems and/or methods are described in terms of a network device communicating with a virtual machine, in practice the network device may communicate with a physical server, a WAN card, a container (e.g., a Linux container), or some other device for processor support and/or for modification of the network device's control plane.

FIG. 2 is a diagram of an example environment 200 in which the systems and/or methods described herein may be implemented. As shown in FIG. 2, environment 200 may include user devices 210-1...210-A (where A ≥ 1), client device 220, network device 230, virtual machine server(s) 240, central server 250, and network 260.

User device 210 may include a device capable of communicating over a network, such as network 260. For example, user device 210 may correspond to a mobile communication device (e.g., a smartphone or a personal digital assistant (PDA)), a portable computing device (e.g., a laptop or tablet computer), a gaming device, a desktop computer, a server, or some other type of computing device.

Client device 220 may include a computing device or a collection of computing devices. In some implementations, client device 220 may be used to develop a service set that instructs network device 230 to communicate with a virtual machine stored by virtual machine server 240 (e.g., for processing support that allows network device 230 to provide a service to a data stream). Additionally, or alternatively, client device 220 may be used to develop an application that virtual machine server 240 may execute to modify the control plane of network device 230. In some implementations, client device 220 may provide the service set or application to network device 230 or central server 250.

Network device 230 may include a network routing device or a collection of network routing devices. In some implementations, network device 230 may include a router, a switch, a gateway, an access point, or some other type of network device. In some implementations, network device 230 may receive a data stream and may process the data stream according to parameters specified in a service set. In some implementations, network device 230 may include a physical routing device or a virtual routing device (e.g., a virtual image stored by a server that serves as a physical routing device).

Virtual machine server 240 may include a computing device, such as a server device or a collection of server devices. In some implementations, virtual machine server 240 may implement a virtual machine that acts as a processing device and provides a service to a data stream, thereby giving network device 230 processing support (e.g., allowing network device 230 to provide a service to the data stream according to a service set). Additionally, or alternatively, virtual machine server 240 may implement a virtual machine that executes an application to modify the control plane of network device 230. In some implementations, environment 200 may include multiple virtual machine servers 240, which may be provided as part of a data center. For example, the data center may connect multiple virtual machine servers 240 so that the services they provide can be pooled and easily accessed by network device 230. In some implementations, each virtual machine server 240 may implement multiple virtual machines from which network device 230 may select in order to provide a service to a data stream.

In some implementations, virtual machine server 240 may provide active services and/or passive services to a data stream. In an active service, for example, virtual machine server 240 may modify, drop, or insert packets in the data stream. In a passive service, for example, virtual machine server 240 may monitor the data stream and may not forward it. In some implementations, a passive service may operate on a copy or a sample of the data stream.

In some implementations, a particular virtual machine implemented by virtual machine server 240 may opt out of providing a particular service for a particular session or a particular portion of a session. For example, assume that virtual machine server 240 provides an HTTP service to HTTP messages, and that it does so based on the header of each HTTP message. Assume further that the header of an HTTP message is received by virtual machine server 240 via a first portion of a session and that the body of the HTTP message is received via a second portion of the session. Given these assumptions, because virtual machine server 240 can provide the HTTP service based on the header of the HTTP message and may not need the body, virtual machine server 240 may opt out of providing the HTTP service for the second portion of the session. In some implementations, service opt-out may improve performance by reducing the number of sessions, or portions of sessions, in which the service is provided.
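The service-set steering and service opt-out described above, modeled as an added Python example (not code from the patent). The interface names, service-set identifier, header name, and class names are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceSet:
    set_id: str      # identifier carried as metadata with the data stream
    interface: str   # interface of the network device the set applies to
    service: str     # service to apply to streams received on that interface
    vm: str          # processing device (virtual machine) that applies it


class HeaderRewriteVM:
    """Processing device: strips one header; needs only the HTTP header block."""

    def __init__(self, name, services):
        self.name = name
        self.services = services   # set_id -> service this VM runs for it
        self.seen = []             # (session, set_id) for each segment processed

    def process(self, metadata, segment):
        # The VM identifies the service from the identifier in the metadata.
        set_id = metadata["service_set_id"]
        if self.services.get(set_id) != "http-header-rewrite":
            raise LookupError(f"{self.name}: unknown service set {set_id}")
        self.seen.append((metadata["session"], set_id))
        head, sep, rest = segment.partition(b"\r\n\r\n")
        # Assumption of this model: header lines are not split mid-line
        # across segments.
        lines = [ln for ln in head.split(b"\r\n")
                 if not ln.lower().startswith(b"x-internal-host:")]
        processed = b"\r\n".join(lines) + sep + rest
        # Once the header block has ended, the service opts out of the
        # remaining portion of the session.
        return processed, bool(sep)


class NetworkDevice:
    def __init__(self, service_sets, vms):
        self.by_interface = {s.interface: s for s in service_sets}
        self.vms = vms             # vm name -> processing device
        self.opted_out = set()     # (set_id, session) pairs released by the VM
        self.log = []              # (interface, session, path) per segment

    def handle(self, interface, session, segment):
        sset = self.by_interface.get(interface)
        if sset is None:           # no service set configured for this interface
            self.log.append((interface, session, "forwarded"))
            return segment
        if (sset.set_id, session) in self.opted_out:
            self.log.append((interface, session, "bypass"))
            return segment
        metadata = {"service_set_id": sset.set_id, "session": session}
        processed, opt_out = self.vms[sset.vm].process(metadata, segment)
        if opt_out:
            self.opted_out.add((sset.set_id, session))
        self.log.append((interface, session, f"{sset.vm}:{sset.service}"))
        return processed


def demo():
    # Constructed sample traffic: header portion, then body portion.
    sets = [ServiceSet("ss-1", "if-1", "http-header-rewrite", "VM-1")]
    vm1 = HeaderRewriteVM("VM-1", {"ss-1": "http-header-rewrite"})
    dev = NetworkDevice(sets, {"VM-1": vm1})
    part1 = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
             b"X-Internal-Host: 10.0.0.5\r\n\r\n")
    part2 = b"body bytes X-Internal-Host: 10.0.0.5"
    out = [dev.handle("if-1", "s1", part1),   # processed by VM-1
           dev.handle("if-1", "s1", part2),   # VM-1 opted out: bypass
           dev.handle("if-2", "s2", part1)]   # no service set on if-2
    return dev, vm1, out


if __name__ == "__main__":
    device, _, _ = demo()
    for entry in device.log:
        print(entry)
```

The per-segment log makes visible which portions of a session actually reached the processing device. When the offloaded service is a security control, the bypassed portion is the part to review, since nothing is applied to it after the opt-out.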

In some implementations, virtual machine server 240 may identify additional services to apply to different data streams on a per-stream basis. For example, virtual machine server 240 may perform a deep packet inspection service on a data stream, may identify the type of session associated with the data stream (e.g., a video-type session), and may identify, based on the type of session, an additional service to apply to the data stream. For example, for a video-type session, virtual machine server 240 may provide a caching service, whereas for another type of session in another data stream, virtual machine server 240 may provide some other service (e.g., an intrusion detection service or some other service). As a result, different data streams may be directed to different virtual machines implemented by virtual machine server 240.

Central server 250 may include a computing device, such as a server device or a collection of server devices. In some implementations, central server 250 may store service sets and/or applications provided by client device 220. Central server 250 may provision network device 230 to instruct network device 230 to provide a service to a data stream (e.g., based on information associated with a service set). Alternatively, network device 230 may receive the service set from central server 250 or client device 220 and may identify the service to provide to the data stream based on the service set. In some implementations, central server 250 may generate the virtual machines implemented by virtual machine server(s) 240 based on information in the service set. Central server 250 may also act as a directory server that broadcasts information about virtual machines that network device 230 may discover.

Network 260 may include one or more wired and/or wireless networks. For example, network 260 may include a cellular network, a public land mobile network (PLMN), a second generation (2G) network, a third generation (3G) network, a fourth generation (4G) network, a fifth generation (5G) network, and/or another network. Additionally, or alternatively, network 260 may include a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), a telephone network (e.g., the public switched telephone network (PSTN)), an ad hoc network, a managed IP network, a virtual private network (VPN), an intranet, the Internet, and/or a combination of these or other types of networks.

The number of devices and/or networks illustrated in FIG. 2 is not limited to what is shown. In practice, there may be additional devices and/or networks, fewer devices and/or networks, different devices and/or networks, or differently arranged devices and/or networks than those illustrated in FIG. 2. Also, in some implementations, one or more devices of environment 200 may perform one or more functions described as being performed by another one or more devices of environment 200. The devices of environment 200 may interconnect via wired connections, wireless connections, or a combination of wired and wireless connections.

图3A图示网络设备230的示例部件。如图3A所示,网络设备230可以包括路由部件301、输入/输出(I/O)部件302和交换机303。FIG. 3A illustrates example components of network device 230 . As shown in FIG. 3A , the network device 230 may include a routing component 301 , an input/output (I/O) component 302 and a switch 303 .

路由部件301可以包括路由处理器或路由处理器的集合。在一些实施方式中,路由部件301可以针对网络设备230执行高级管理功能。例如,路由部件301可以和被连接至网络设备230的网络和/或系统进行通信以交换关于网络拓扑的信息。在一些实施方式中,路由部件301可以基于网络拓扑信息生成路由表,可以基于路由表生成转发表,并且可以将转发表发送给I/O部件302。在一些实施方式中,路由部件301可以为网络设备230执行其他一般的控制和监控功能。Routing component 301 may include a routing processor or a collection of routing processors. In some implementations, the routing component 301 can perform advanced management functions for the network device 230 . For example, routing component 301 can communicate with networks and/or systems connected to network device 230 to exchange information about the topology of the network. In some implementation manners, the routing component 301 can generate a routing table based on the network topology information, can generate a forwarding table based on the routing table, and can send the forwarding table to the I/O component 302 . In some implementations, routing component 301 may perform other general control and monitoring functions for network device 230 .

I/O部件302可以包括接口设备或接口设备的集合。在一些实施方式中,I/O部件302可以连接至路由部件301和交换机303。在一些实施方式中,I/O部件302可以在被连接至网络的物理链路上接收包。每个物理链路可以是许多类型的传送介质之一,诸如光纤或以太网电缆。物理链路上的包可以根据若干协议之一被格式化,诸如同步光网络(SONET)标准或以太网。在一些实施方式中,I/O部件302可以使用转发表以给到来的数据流执行路由查表。I/O component 302 may include an interface device or collection of interface devices. In some implementations, I/O component 302 may be connected to routing component 301 and switch 303 . In some implementations, I/O component 302 can receive packets over physical links connected to a network. Each physical link can be one of many types of transmission media, such as fiber optics or Ethernet cables. Packets on the physical link may be formatted according to one of several protocols, such as the Synchronous Optical Network (SONET) standard or Ethernet. In some implementations, I/O component 302 can use forwarding tables to perform routing lookups for incoming data flows.

交换机303可以包括一个或多个交换面以有助于两个或多个I/O部件302之间的通信。在一些实施方式中,交换机303可以包括单个或多级交换结构。Switch 303 may include one or more switching planes to facilitate communication between two or more I/O components 302 . In some implementations, switch 303 may include a single or multi-stage switch fabric.

图3B图示可以被用于图2的环境200内的设备300的示例部件。设备300可以对应于用户设备210、客户端设备220、虚拟机服务器240或中央服务器250。用户设备210、客户端设备220、虚拟机服务器240或中央服务器250中的每一个可以包括一个或多个设备300和/或设备300的一个或多个部件。FIG. 3B illustrates example components of device 300 that may be used within environment 200 of FIG. 2 . Device 300 may correspond to user device 210 , client device 220 , virtual machine server 240 or central server 250 . Each of user device 210 , client device 220 , virtual machine server 240 , or central server 250 may include one or more devices 300 and/or one or more components of devices 300 .

As shown in FIG. 3B, device 300 may include a bus 305, a processor 310, a main memory 315, a read-only memory (ROM) 320, a storage device 325, an input device 330, an output device 335, and a communication interface 340. In some implementations, device 300 may include additional components, fewer components, different components, or differently arranged components.

Bus 305 may include a path that permits communication among the components of device 300. Processor 310 may include a processor, a microprocessor, an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or another type of processor that interprets and executes instructions. Main memory 315 may include a random access memory (RAM) or another type of dynamic storage device that stores information or instructions for execution by processor 310. ROM 320 may include a ROM device or another type of static storage device that stores information or instructions for use by processor 310. Storage device 325 may include a magnetic storage medium, such as a hard disk drive, or a removable memory, such as a flash memory.

Input device 330 may include a component that permits an operator to input information to device 300, such as a control button, a keyboard, a keypad, or another type of input device. Output device 335 may include a component that outputs information to the operator, such as a light-emitting diode (LED), a display, or another type of output device. Communication interface 340 may include any transceiver-like mechanism that enables device 300 to communicate with other devices or networks. In one implementation, communication interface 340 may include a wireless interface, a wired interface, or a combination of a wireless interface and a wired interface.

Device 300 may perform certain operations, as described in detail below. Device 300 may perform these operations in response to processor 310 executing software instructions contained in a computer-readable medium, such as main memory 315. A computer-readable medium may be defined as a persistent memory device. A memory device may include memory space within a single physical storage device or memory space spread across multiple physical storage devices.

The software instructions may be read into main memory 315 from another computer-readable medium, such as storage device 325, or from another device via communication interface 340. The software instructions contained in main memory 315 may direct processor 310 to perform the processes described later. Alternatively, hardwired circuitry may be used in place of or in combination with software instructions to implement the processes described herein. Thus, the implementations described herein are not limited to any specific combination of hardware circuitry and software.

FIG. 4 illustrates an example data structure 400 that may be stored by one or more devices in environment 200, such as client device 220, network device 230, virtual machine server 240, or central server 250. In one implementation, data structure 400 may be stored in a memory of client device 220, network device 230, virtual machine server 240, or central server 250. In another implementation, data structure 400 may be stored in a memory that is separate from, but accessible by, client device 220, network device 230, virtual machine server 240, or central server 250. In some implementations, a portion of data structure 400 may be stored by one device in environment 200, and another portion of data structure 400 may be stored by another device in environment 200.

As shown in FIG. 4, data structure 400 may include an interface information field 410, a service set ID field 420, a service parameter field 430, and a virtual machine information field 440.

Interface information field 410 may identify information associated with an interface of network device 230. For example, interface information field 410 may identify an interface identifier (ID), a filter, and a direction of a data flow (e.g., an inbound or outbound direction). In some implementations, the interface ID field may store a string of characters that identifies an interface of network device 230 (e.g., an Ethernet interface, a frame relay interface, a serial interface, a SONET interface, or some other type of interface). Additionally, or alternatively, the interface ID may correspond to a port identifier or some other identifier that identifies the interface of network device 230 through which network device 230 may receive a data flow.

In some implementations, a particular interface may be associated with a particular group of user devices 210 (e.g., a group of user devices 210 subscribed to a service with a network device provider). That is, network device 230 may receive, via a first interface, a data flow from a user device 210 that is part of a first group of user devices 210. Similarly, network device 230 may receive, via a second interface, a data flow from another user device 210 that is part of a second group of user devices 210. As described above, a service set may identify a service to provide to a data flow based on the data being received via a particular interface of network device 230. Thus, network device 230 may provide a first service to data flows received from the first group of user devices 210 and a second service to data flows received from the second group of user devices 210.

In some implementations, network device 230 may determine a service to provide to a data flow that is received via a particular interface and that satisfies a particular filter. Network device 230 may also determine particular service parameters to apply to the data flow (e.g., particular rules for a firewall service, or a particular address pool for a NAT service). Further, network device 230 may determine the service set to provide to a data flow based on the direction of the data flow (e.g., inbound or outbound). An inbound or outbound field may store information identifying the direction of the data flows associated with a particular service set. For example, network device 230 may identify a service to provide to a data flow according to whether the data flow is an inbound data flow or an outbound data flow. In some implementations, the inbound direction may refer to data flows received by network device 230. The outbound direction may refer to data flows sent by network device 230.

The filter field may identify filter criteria for data flows received by a particular interface (e.g., as identified by the interface ID). In some implementations, network device 230 may use a filter to select a particular data flow by examining the contents of packets associated with the data flow. In some implementations, a filter may direct network device 230 to select data flows based on the information stored in the filter field. For example, the filter field may identify an Internet Protocol (IP) address, a hardware ID, a user ID, or some other identifier associated with a data flow.

As an example, assume that the filter field stores two IP addresses, such as "172.25.14.4" and "174.23.6.52". Further, assume that network device 230 receives two data flows via the interface corresponding to interface ID "4896". Further, assume that the two data flows received by network device 230 are associated with the IP addresses "172.25.14.4" and "555.23.6.52", respectively. Network device 230 may provide a service to the data flow associated with IP address "172.25.14.4" and may not provide a service to the data flow associated with IP address "555.23.6.52". In some implementations, the filter field may store a whitelist (e.g., a list of IP addresses, or some other identifiers associated with data flows, that identifies the data flows to which network device 230 may provide a service) or a blacklist (e.g., a list of IP addresses, or some other identifiers associated with data flows, that identifies the data flows to which network device 230 may not provide a service).

In some implementations, a filter may be stateless. For example, the filter may direct network device 230 to select a data flow based on individual packets associated with the data flow. Alternatively, a filter may be stateful. For example, the filter may direct network device 230 to select a data flow based on previously received packets.

Service set ID field 420 may store a string of characters that uniquely identifies the service set associated with a particular interface, a particular filter, and a particular data flow direction. As shown in FIG. 4, the service set with service set ID 123 may be associated with data flows received via interface ID 5844 in the inbound direction. Thus, network device 230 may identify service set ID 123 when processing a data flow received via interface ID 5844 in the inbound direction. In some implementations, a service set ID may be generated when a new service set is received by network device 230 or central server 250. In some implementations (e.g., when the service set ID is a number), the generated service set ID may be the next number after the most recently used service set ID.

As another example, assume that the service set with service set ID 584 is associated with data flows received via interface ID 4896 in the inbound or outbound direction. Further, assume that a filter (e.g., a whitelist or blacklist of IP addresses) is associated with service set ID 584. Thus, network device 230 may identify service set ID 584 when processing a data flow that is received via interface ID 4896 in the inbound or outbound direction and that satisfies the filter.

Service parameter field 430 may store information identifying a set of rules, instructions, procedures, or functions, or some other information associated with a particular service set. In some implementations, the information stored by service parameter field 430 may correspond to the service provided to a data flow. For example, as shown in FIG. 4, service parameter field 430 may store information that directs network device 230 to provide a firewall service to data flows associated with service set ID 123 (e.g., data flows received via interface ID 5844 in the inbound direction). In addition, service parameter field 430 may store particular parameters associated with the service, such as a particular routing operation, a list of IP addresses, a list of NAT rules, or some other parameter associated with the service. In some implementations, service parameter field 430 may store multiple service parameters for a single service set.

Virtual machine information field 440 may store information identifying the particular virtual machine with which network device 230 communicates in order to provide a service to a data flow. For example, virtual machine information field 440 may store a virtual machine ID (VM ID), a server ID (e.g., an identifier associated with a particular virtual machine server 240), an IP address of the virtual machine and/or of virtual machine server 240, and/or some other information identifying the virtual machine. In some implementations, virtual machine information field 440 may not store information for a particular virtual machine, and may instead store information such as "auto-select" to direct network device 230 to perform an auto-select function that identifies an available virtual machine with which to communicate.

While particular fields are shown in a particular format in data structure 400, in practice data structure 400 may include additional fields, fewer fields, different fields, or differently arranged fields than are shown in FIG. 4.
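The lookup that data structure 400 supports, as an added Python example that is not part of the patent text: a flow is matched on interface ID, direction, and filter to find its service set, and a flow that matches nothing gets no service. The class and function names, the NAT service assigned to service set 584, and the interface "7001" row used in the usage note are assumptions made for illustration; the other IDs and addresses are the ones used in the description above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class ServiceSet:
    interface_id: str                      # interface information field 410
    directions: frozenset                  # {"inbound"}, {"outbound"} or both
    service: str                           # service parameter field 430
    vm_info: str = "auto-select"           # virtual machine information field 440
    filter_mode: Optional[str] = None      # "whitelist", "blacklist" or no filter
    filter_ids: frozenset = frozenset()    # IP addresses or other flow identifiers
    service_set_id: Optional[int] = None   # field 420, assigned on install if unset

    def selects(self, interface_id, direction, flow_id):
        """Stateless match: interface, then direction, then filter."""
        if interface_id != self.interface_id or direction not in self.directions:
            return False
        if self.filter_mode is None:
            return True
        # Identifiers are compared as opaque strings: the filter field may hold
        # hardware or user IDs, and the description's "555.23.6.52" would not
        # parse as an IPv4 address.
        if self.filter_mode == "whitelist":
            return flow_id in self.filter_ids
        if self.filter_mode == "blacklist":
            return flow_id not in self.filter_ids
        raise ValueError("unknown filter mode: %r" % self.filter_mode)


class ServiceSetTable:
    def __init__(self):
        self.rows = []
        self.last_used_id = 0

    def install(self, service_set):
        """Store a service set; a missing numeric ID becomes last used + 1."""
        if service_set.service_set_id is None:
            service_set.service_set_id = self.last_used_id + 1
        self.last_used_id = service_set.service_set_id
        self.rows.append(service_set)
        return service_set.service_set_id

    def classify(self, interface_id, direction, flow_id):
        """Return the first service set selecting this flow, or None (no service)."""
        for row in self.rows:
            if row.selects(interface_id, direction, flow_id):
                return row
        return None


def build_table():
    """Rows taken from the description; the 'nat' service for 584 is assumed."""
    table = ServiceSetTable()
    table.install(ServiceSet("5844", frozenset({"inbound"}), "firewall",
                             service_set_id=123))
    table.install(ServiceSet("4896", frozenset({"inbound", "outbound"}), "nat",
                             filter_mode="whitelist",
                             filter_ids=frozenset({"172.25.14.4", "174.23.6.52"}),
                             service_set_id=584))
    return table
```

Installing a further service set without an ID on this table yields 585, the next number after the most recently used ID.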

FIG. 5 illustrates a flowchart of an example process for processing a data flow using a virtual machine. In one implementation, process 500 may be performed by one or more components of network device 230. In another implementation, some or all of the blocks of process 500 may be performed by one or more components of another device in environment 200 (e.g., virtual machine server 240 or central server 250), or by a group of devices including or excluding network device 230.

As shown in FIG. 5, process 500 may include receiving a service set (block 510). In one implementation, network device 230 may receive the service set from client device 220 (e.g., via a user interface of network device 230). For example, client device 220 may be used to develop a service set and to install the service set on network device 230. In another implementation, central server 250 may receive the service set from client device 220. In this case, central server 250 may provide the service set to network device 230. For example, central server 250 may install the service set on network device 230 based on a priority policy installed on network device 230 by client device 220.

Process 500 may also include creating a virtual machine (block 520). In one implementation, network device 230 may use a signaling protocol and/or a control plane protocol to direct virtual machine server 240 to create a virtual machine according to information associated with the service set. For example, network device 230 may identify a particular virtual machine server 240 and may direct the identified virtual machine server 240 to create a virtual machine having a particular IP address, a particular identifier, a particular configuration, and/or some other parameters. In some implementations, virtual machine server 240 may provide network device 230 with an indication that the virtual machine has been created. In another implementation, central server 250 may create the virtual machine (e.g., in a manner similar to that described above). In this case, central server 250 may broadcast an indication that the virtual machine has been created, so that network device 230 can discover the newly created virtual machine.

Process 500 may also include creating a tunnel with the virtual machine (block 530). For example, network device 230 may use a control plane protocol to create a tunnel between network device 230 and the virtual machine. In some implementations, the tunnel may allow network device 230 to provide a data flow to the virtual machine for processing in a manner that prevents the data flow from being routed to the original destination of the processed data flow or to an unintended location. Further, the tunnel may facilitate transmission of the data flow when intermediate routers or switches cannot identify the virtual machine. In some implementations, network device 230 may create the tunnel automatically when network device 230 creates the virtual machine or when network device 230 discovers the virtual machine. As a result, the tunnel may be established automatically when the virtual machine is created, so that the tunnel can readily be used to transmit data flows to the virtual machine.

Process 500 may further include receiving a data flow via a particular interface (block 540). For example, network device 230 may receive a data flow from user device 210 via a particular interface (e.g., an Ethernet interface, a frame relay interface, a particular port of network device 230, etc.). As described above, a particular interface may be associated with a particular group of user devices 210 (e.g., a group of user devices 210 subscribed to a service with a network device provider).

Process 500 may also include identifying a service to provide to the data flow (block 550). For example, network device 230 may identify the service to provide to the data flow based on information such as the information stored by data structure 400. In some implementations, network device 230 may receive the data flow via a particular interface and may apply a filter to the data flow to determine the service to provide to the data flow (e.g., as described above with respect to FIG. 4). In some implementations, network device 230 may determine the processing requirements associated with the identified service.

Process 500 may further include identifying a service processing location (block 560). For example, network device 230 may identify the service processing location (e.g., a particular virtual machine implemented by a particular virtual machine server 240) based on information such as the information stored by data structure 400. As described above, the service processing location may be identified based on a virtual machine ID, a server ID, an IP address, or some other identifier. Alternatively, network device 230 may invoke the auto-select function to identify the service processing location automatically. For example, network device 230 may identify the virtual machines that provide the identified service and may select one of those virtual machines that has the processing capacity to meet the processing requirements associated with the identified service. In some implementations, network device 230 may direct virtual machine server 240 to create a virtual machine when no virtual machine with sufficient processing capacity is available.

Alternatively, central server 250 may identify the service processing location and provide network device 230 with information identifying the service processing location. For example, central server 250 may identify a virtual machine that provides the identified service and that has the processing capacity to meet the processing requirements associated with the identified service. In some implementations, central server 250 may direct virtual machine server 240 to create a virtual machine when no virtual machine with sufficient processing capacity is available.

Process 500 may also include encapsulating the data flow and adding metadata (block 570). For example, network device 230 may add a service set ID (e.g., metadata) to the data flow based on information such as the information stored by data structure 400. In some implementations, network device 230 may append the metadata so that the identified virtual machine can identify the service ID and the corresponding service parameters associated with the service ID.

In some implementations, the metadata may include context information, such as the ID of the interface via which the data flow was received, the ID of the routing instance in which the data flow was received, a subscriber or session ID associated with the data flow, or some other context information. Additionally, or alternatively, the metadata may include a scratch pad that identifies information allowing a particular virtual machine to communicate information to another virtual machine. Additionally, or alternatively, the metadata may include information that allows network device 230 to reinsert packets associated with the data flow into the forwarding pipeline once the packets have been processed by the virtual machine and received by network device 230. In some example implementations, the metadata may be 8, 16, or 32 bytes in size, or may be some other size.

In some implementations, network device 230 may encapsulate the data flow in tunnel packets corresponding to the tunnel associated with virtual machine server 240 (which corresponds to the service location). In some implementations, the tunnel packets may facilitate transmission of the data flow via the particular tunnel associated with virtual machine server 240.

Process 500 may also include providing the data flow to the service processing location (block 580). For example, network device 230 may provide the data flow to the virtual machine server 240 identified in block 560. In some implementations, network device 230 may provide the data flow via the tunnel using tunnel packets. For example, a tunnel packet may include information identifying the IP address of virtual machine server 240. Network device 230 may look up the IP address in a routing table stored by network device 230 to identify the outbound interface (e.g., the interface associated with the tunnel) via which to transmit the data flow. In some implementations, network device 230 may provide virtual machine server 240 with instructions corresponding to the service ID (e.g., instructions directing virtual machine server 240 how to process the data flow on behalf of network device 230). In some implementations, network device 230 may provide the instructions using a service set signaling protocol or some other type of protocol. As an example, assume that network device 230 determines that service set ID "123" is associated with the data flow and that service set ID "123" includes service parameters relating to a list of firewall rules. Given these assumptions, virtual machine server 240 may process the data flow on behalf of network device 230 to form a processed data flow to which the list of firewall rules has been applied (e.g., a data flow to which the service has been applied).

Process 500 may further include receiving the processed data flow from the service processing location and outputting it to the destination (block 590). For example, network device 230 may receive the processed data flow from virtual machine server 240 and may output the processed data flow to a destination device (e.g., a particular user device 210 or a service device). As a result, network device 230 may provide a service to a received data flow by identifying the service associated with the data flow (e.g., based on the interface via which the data flow was received, the direction of the data flow, and/or one or more filters applied to the data flow), identifying a service location (e.g., a particular virtual machine server 240 implementing a particular virtual machine), appending a service ID to the data flow, and communicating with virtual machine server 240 to allow virtual machine server 240 to process the data flow and apply the service according to the service parameters corresponding to the service ID.

While a particular series of blocks has been described above with respect to FIG. 5, the operations, data flows, and/or order of the blocks may be modified in other implementations. Further, dependent operations and/or data flows may be performed in parallel.
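Blocks 560 through 590 traced for one packet, as an added Python example that is not part of the patent text: the network device selects a virtual machine, prepends metadata, the virtual machine applies the firewall service named by the service set ID, and the returned metadata is used to resume forwarding. The 16-byte header layout, the VM inventory, the blocked ports, the fixed routing instance and session values, and the two-byte toy payload format are all assumptions; the description fixes none of them.

```python
import struct

AUTO_SELECT = "auto-select"
# Assumed 16-byte metadata layout (the description only lists possible sizes):
# service set ID, receiving interface ID, routing instance ID, session ID.
META = struct.Struct("!IIII")

# Constructed VM inventory: services offered and spare processing capacity.
VMS = [
    {"id": "VM-1", "services": {"firewall"}, "free": 10},
    {"id": "VM-2", "services": {"firewall", "nat"}, "free": 60},
    {"id": "VM-3", "services": {"nat"}, "free": 90},
]
# Service parameters held by the VM per service set ID (constructed rule:
# service set 123 is a firewall that blocks these destination ports).
SERVICE_PARAMS = {123: {"service": "firewall", "blocked_ports": {23, 445}}}


def select_vm(vm_info, service, demand, vms=VMS):
    """Block 560: pick the service processing location, or None if none fits."""
    if vm_info != AUTO_SELECT:
        return next((vm for vm in vms if vm["id"] == vm_info), None)
    fit = [vm for vm in vms if service in vm["services"] and vm["free"] >= demand]
    # None tells the caller to ask the VM server to create a new VM.
    return max(fit, key=lambda vm: vm["free"], default=None)


def encapsulate(payload, service_set_id, interface_id, routing_instance, session_id):
    """Block 570: prepend the metadata header to one packet of the flow."""
    return META.pack(service_set_id, interface_id, routing_instance, session_id) + payload


def decapsulate(packet):
    """Split metadata from payload; reject input too short to hold the header."""
    if len(packet) < META.size:
        raise ValueError("packet shorter than metadata header")
    keys = ("service_set_id", "interface_id", "routing_instance", "session_id")
    return dict(zip(keys, META.unpack_from(packet))), packet[META.size:]


def vm_process(packet, params=SERVICE_PARAMS):
    """Block 580, VM side: apply the service named by the service set ID."""
    meta, payload = decapsulate(packet)
    rules = params.get(meta["service_set_id"])
    if rules is None:
        raise LookupError("unknown service set ID %d" % meta["service_set_id"])
    if len(payload) < 2:
        raise ValueError("payload too short to carry a destination port")
    (dst_port,) = struct.unpack_from("!H", payload)   # toy payload: port + data
    if rules["service"] == "firewall" and dst_port in rules["blocked_ports"]:
        return None                                    # dropped by the firewall
    return packet                                      # metadata kept for reinsertion


def reinsert(processed):
    """Block 590: use the returned metadata to resume forwarding."""
    meta, payload = decapsulate(processed)
    return meta["routing_instance"], meta["interface_id"], payload


def handle(payload, service_set_id, interface_id, vm_info=AUTO_SELECT, demand=50):
    """Network device side of blocks 560-590 for a firewall service set."""
    vm = select_vm(vm_info, "firewall", demand)
    if vm is None:
        return "create-vm", None
    # Routing instance 1 and session 7 are constructed context values.
    tunnel_packet = encapsulate(payload, service_set_id, interface_id, 1, 7)
    processed = vm_process(tunnel_packet)
    if processed is None:
        return vm["id"], None
    return vm["id"], reinsert(processed)
```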

FIG. 6A illustrates an example implementation as described herein. In FIG. 6A, assume that two user devices 210 (e.g., UD-1 and UD-2) communicate with each other via network device 230. Further assume that, as described above, network device 230 has established tunnels with multiple virtual machines (e.g., virtual machines 1 through X, where X > 1). In some implementations, network device 230 may receive a data flow from UD-1 and/or UD-2 via a particular interface of network device 230. As described above, network device 230 may identify the service and the service location associated with the data flow based on the interface via which the data flow was received and/or based on a filter.

As described above, network device 230 may identify a service location (e.g., a virtual machine) to which to send the data flow for processing. For example, network device 230 may perform the auto-select function to identify a virtual machine that provides the identified service and has the processing capacity to handle the identified service. Alternatively, network device 230 may identify the virtual machine based on virtual machine ID information included in the service set. In FIG. 6A, assume that network device 230 identifies virtual machine 2 as the service location (e.g., through auto-selection or through the virtual machine ID information included in the service set). Given this assumption, network device 230 may encapsulate the data flow in the tunnel, append metadata to the data flow (e.g., to identify the service set ID), and provide the data flow to virtual machine 2 (e.g., via the tunnel) for processing. In some implementations, virtual machine 2 may process the data flow on behalf of network device 230 according to the service set parameters corresponding to the service set ID. As described above, and as shown in FIG. 6A, network device 230 may receive the processed data flow and provide the processed data flow to the respective user device 210.

In some implementations (e.g., when the processed data flow is received from the virtual machine by network device 230), the processed data flow can be injected into a routing instance (e.g., a virtual routing and forwarding (VRF) instance, a context, or a zone) that is different from the routing instance in which the traffic flow was originally received by network device 230. As a result, the data flow can be processed when the virtual machine modifies the destination IP address of packets in the data flow (e.g., NAT).

In some implementations, the service location (e.g., virtual machine 2) may provide the processed data flow to a network device 230 that is different from the network device 230 from which the service location received the data flow. Referring to FIG. 6B, assume that a first network device 230 (e.g., network device 230-1) receives, from UD-1, a data flow destined for UD-2. Further assume that network device 230-1 identifies virtual machine 2 as the service location. As shown in FIG. 6B, virtual machine 2 may process the data flow and provide the processed data flow to a second network device (e.g., network device 230-2). As shown in FIG. 6B, network device 230-2 may provide the processed data flow to the destination device (e.g., UD-2). In some implementations, the service location may identify where to send the processed data flow based on a network device 230 having the capacity to provide the processed data flow to the destination device, based on the network device 230 that serves the destination device, and/or based on some other factor.

FIG. 7 illustrates an example implementation as described herein. FIG. 7 illustrates the chaining of virtual machines to process a data flow on behalf of network device 230. For example, multiple virtual machines (e.g., virtual machines 1 through Y, where Y>1) may be chained together (e.g., via a chaining tunnel) to act as a single virtual machine. Similar to FIGS. 6A-6B, network device 230 may identify a service set for a data flow based on the interface via which the data flow is received and/or based on a filter. Network device 230 may append metadata to the data flow, encapsulate the data flow in a tunnel packet, send the data flow (e.g., in the tunnel packet) to the multiple virtual machines for processing, and provide the processed data flow to the respective user device 210.
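The following added example (not code from the patent) models the data path described in the paragraphs above: service-set identification by ingress interface and filter, metadata plus tunnel encapsulation, a chain of virtual machines, and re-injection into a different routing instance after NAT. Interface names, VRF names, addresses, the metadata fields, and the fail-closed completeness check are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    src: str
    dst: str

@dataclass
class TunnelPacket:          # hypothetical encapsulation: metadata + original packet
    metadata: dict
    inner: Packet

# Constructed sample data: service sets keyed by ingress interface and a destination filter.
SERVICE_SETS = [
    {"iface": "if-1", "dst": ip_network("203.0.113.0/24"),
     "services": ["firewall", "nat"], "return_vrf": "vrf-inside"},
]
NAT_MAP = {"203.0.113.10": "10.0.0.10"}            # constructed public -> private mapping
ROUTES = {                                          # constructed per-routing-instance tables
    "vrf-outside": {ip_network("203.0.113.0/24"): "service-tunnel"},
    "vrf-inside": {ip_network("10.0.0.0/8"): "if-3"},
}

def identify_service_set(iface, pkt):
    """Match on the receiving interface and the filter, as the description states."""
    for entry in SERVICE_SETS:
        if entry["iface"] == iface and ip_address(pkt.dst) in entry["dst"]:
            return entry
    return None

def vm_firewall(tp):
    tp.metadata["applied"].append("firewall")      # inspection itself is out of scope here
    return tp

def vm_nat(tp):
    tp.inner.dst = NAT_MAP.get(tp.inner.dst, tp.inner.dst)   # rewrites the destination IP
    tp.metadata["applied"].append("nat")
    return tp

VM_CHAIN = {"firewall": vm_firewall, "nat": vm_nat}  # chained VMs acting as one service location

def lookup(vrf, dst):
    """Longest-prefix match inside a single routing instance; None means no route."""
    hits = [n for n in ROUTES.get(vrf, {}) if ip_address(dst) in n]
    return ROUTES[vrf][max(hits, key=lambda n: n.prefixlen)] if hits else None

def process_on_behalf(iface, ingress_vrf, pkt):
    entry = identify_service_set(iface, pkt)
    if entry is None:
        return ingress_vrf, pkt, []                # no service set: stay in the ingress instance
    tp = TunnelPacket({"services": list(entry["services"]),
                       "ingress_vrf": ingress_vrf, "applied": []}, pkt)
    for name in tp.metadata["services"]:
        tp = VM_CHAIN[name](tp)
    # Added check (assumption): fail closed if the chain skipped or reordered a service.
    if tp.metadata["applied"] != entry["services"]:
        raise RuntimeError("service chain incomplete; dropping flow")
    return entry["return_vrf"], tp.inner, tp.metadata["applied"]
```

After NAT the rewritten destination has no route in the ingress instance, which is why the processed flow is looked up in the return instance instead.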

FIG. 8 illustrates an example implementation as described herein. As described above, client device 220 may be used to develop an application that virtual machine server 240 may execute to modify the control plane of network device 230 (e.g., firewall filters, routing tables, etc.). In some implementations, client device 220 may provide a control-plane modification application to virtual machine server 240. For example, client device 220 may provide the application to central server 250, and central server 250 may provide the application to virtual machine server 240 (e.g., by publishing the application in a manner that allows virtual machine server 240 to discover the application and request it from central server 250). Alternatively, client device 220 may provide the application to virtual machine server 240 independently of central server 250. In some implementations, virtual machine server 240 may execute the application and may communicate with network device 230 to modify the control plane of network device 230 according to the application's instructions.

Some example applications may allow a virtual machine to install routes in the routing table of network device 230, install firewall filters/policies on network device 230 and associate those firewall filters/policies with interfaces on network device 230, retrieve configuration from network device 230 and/or execute operational requirements stored by network device 230, or may allow the virtual machine to perform some other function or modify the control plane of network device 230 in some other manner. In some implementations, a mobility management entity (MME) associated with a cellular network may use a firewall application programming interface (API) to direct particular flows of MME control traffic to the particular virtual machine on which a control-plane modification application resides.
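Because these applications change routing and filtering state on network device 230 from outside the device, a practitioner would normally scope and log each request. The added example below (not part of the patent) sketches such a gate; the operation names, application names, grant format, and audit record are hypothetical.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

# Operation names follow the capabilities listed above; the names themselves are hypothetical.
OPS = {"install_route", "install_filter", "bind_filter", "get_config"}

@dataclass
class Grant:                       # hypothetical per-application scope
    ops: set
    prefixes: list = field(default_factory=list)    # prefixes the app may route
    interfaces: set = field(default_factory=set)    # interfaces it may bind filters to

GRANTS = {                         # constructed sample policy
    "mme-steering-app": Grant({"install_filter", "bind_filter"}, interfaces={"if-1"}),
    "route-app": Grant({"install_route", "get_config"},
                       prefixes=[ip_network("10.20.0.0/16")]),
}
AUDIT = []                         # every decision is recorded, allowed or not

def deny_reason(app, op, args):
    """Return None when the request is inside the app's grant, else the reason."""
    grant = GRANTS.get(app)
    if op not in OPS:
        return "unknown operation"
    if grant is None:
        return "unregistered application"
    if op not in grant.ops:
        return "operation not granted"
    if op == "install_route":
        try:
            net = ip_network(args.get("prefix", ""))
        except ValueError:
            return "malformed prefix"
        # A broader prefix (for example a default route) is never a subnet of the grant.
        if not any(net.version == p.version and net.subnet_of(p) for p in grant.prefixes):
            return "prefix outside grant"
    if op == "bind_filter" and args.get("interface") not in grant.interfaces:
        return "interface outside grant"
    return None

def authorize(app, op, **args):
    """Decide on one control-plane request and append the decision to the audit log."""
    reason = deny_reason(app, op, args)
    AUDIT.append({"app": app, "op": op, "args": args,
                  "allowed": reason is None, "reason": reason})
    return reason is None
```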

Because virtual machine server 240 may be used to process data flows on behalf of network device 230, or to modify the control plane of network device 230, network device 230 may be able to provide any number of services to any number of data flows by communicating, over a common facility, with one or more virtual machines implemented by one or more virtual machine servers 240. Further, the virtual machines may be implemented by servers located in various geographic locations. As described above, virtual machine server 240 may be provided as part of a data center so that the services provided by virtual machine server 240 can be readily accessed by network device 230.

The foregoing description provides illustration and description, but is not intended to be exhaustive or to limit the possible implementations to the precise form disclosed. Modifications and variations are possible in light of the above disclosure or may be acquired from practice of the implementations.

It will be apparent that the different examples described above may be implemented in many different forms of software, firmware, and hardware in the implementations illustrated in the figures. The actual software code or specialized control hardware used to implement these examples is not limiting of the implementations. Thus, the operation and behavior of these examples were described without reference to specific software code; it is understood that software and control hardware can be designed to implement these examples based on the description herein.

Even though particular combinations of features are recited in the claims and/or disclosed in the specification, these combinations are not intended to limit the disclosure of the possible implementations. In fact, many of these features may be combined in ways not specifically recited in the claims and/or disclosed in the specification. Although each dependent claim listed below may directly depend on only one other claim, the disclosure of the possible implementations includes each dependent claim in combination with every other claim in the claim set.

No element, act, or instruction used in the present application should be construed as critical or essential unless explicitly described as such. Also, as used herein, the article "a" is intended to include one or more items and may be used interchangeably with "one or more". Where only one item is intended, the term "one" or similar language is used. Further, the phrase "based on" is intended to mean "based, at least in part, on" unless explicitly stated otherwise.

Claims (1)

1. A method comprising:
receiving, by a network device, a data flow;
identifying, by the network device and based on information regarding a service set, a service to apply to the data flow;
providing, by the network device, the data flow to a processing device to cause the processing device to process the data flow on behalf of the network device to form a processed data flow,
the processing device being different from the network device, and
the processed data flow including the data flow with the service applied to the data flow;
receiving, by the network device, the processed data flow from the processing device; and
sending, by the network device, the processed data flow toward a target device.
CN201810135086.7A 2012-12-31 2013-12-31 Dynamic network device handling using external components Active CN108183868B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US201261747930P 2012-12-31 2012-12-31
US61/747,930 2012-12-31
US13/740,781 2013-01-14
US13/740,781 US8954535B2 (en) 2012-12-31 2013-01-14 Dynamic network device processing using external components
CN201310751351.1A CN103916453B (en) 2012-12-31 2013-12-31 Dynamic network device handling using external components

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201310751351.1A Division CN103916453B (en) 2012-12-31 2013-12-31 Dynamic network device handling using external components

Publications (2)

Publication Number Publication Date
CN108183868A true CN108183868A (en) 2018-06-19
CN108183868B CN108183868B (en) 2021-11-05

Family

ID=49958203

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201810135086.7A Active CN108183868B (en) 2012-12-31 2013-12-31 Dynamic network device handling using external components
CN201310751351.1A Active CN103916453B (en) 2012-12-31 2013-12-31 Dynamic network device handling using external components

Country Status (3)

Country Link
US (3) US8954535B2 (en)
EP (1) EP2750343B1 (en)
CN (2) CN108183868B (en)

Also Published As

Publication number Publication date
CN108183868B (en) 2021-11-05
US9596318B2 (en) 2017-03-14
US9258384B2 (en) 2016-02-09
US20160156735A1 (en) 2016-06-02
US8954535B2 (en) 2015-02-10
US20150156277A1 (en) 2015-06-04
EP2750343A1 (en) 2014-07-02
CN103916453B (en) 2018-02-16
US20140189050A1 (en) 2014-07-03
CN103916453A (en) 2014-07-09
EP2750343B1 (en) 2015-10-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant